Spam and phishing emails

It is nearly impossible for a computer program to accurately discriminate between junk mail and desired mail. ITMS works to filter as much of the junk mail that can be deemed "junk" however due to the nature of the internet, there will still be some that sneak through.

What we can do however, is help you to identify which emails are spam and which are phishing and deal with them accordingly.

Note: Please save the original email as a *.msg, attach it to a new email and forward to report-spam@cdu.edu.au. It will be inspected and blocked if needed.

If you think you may have inadvertently supplied your CDU username and password to an email or website, please change your password immediately and contact ITMS on (08) 8946 6600.

Please see the relevant drop down panels below to see how to deal with them.

Spam: emails sent to a recipient that are not wanted, similar to junk mail you would get in your home letterbox.

Phishing: emails containing links to websites asking for usernames and passwords or other personal information (ie. fishing for information)

Be aware some of these emails and websites can look official with CDU logos and names however ITMS will never ask you for your username or password.

Spam emails are harder to block due to the constant changing of addresses from which they are sent from. Phishing emails however, usually point to a particular webpage which is designed to "trick" users into believing that they are from a legitimate source and request that a user sign in.

ITMS has been informed that some users receive “Cold Calls”. This is where the caller requests the user to participate in a Survey (or other online activity) and then gives them the address of a “Malicious Website” that will infect their computer. We strongly advise you to just hang up on these calls.

So you may ask, “what are the consequences of not protecting my username and password?”

Some staff may be under the false impression that maintaining the security of their username and password is not very important, as it will only affect them. This is not correct and has the potential to affect everyone at CDU.

To better understand the importance of account security, please read the explanation below.

Once a username and password has been obtained by a “spammer,” they will start to send Spam emails from that compromised email account, as if they were the legitimate owner of that email account. Companies such as Hotmail, Yahoo Mail, and Gmail start to receive this flood of emails and then blacklist the place they came from (ie CDU), not the person. These blacklists are then subscribed to by other organisations such as the NT Government and Federal Government departments, which means that anyone at CDU that tries to send an email to people whose workplace subscribes to these blacklists, will start to get emails bouncing back to them. This is because CDU has been blacklisted and the organisations are rejecting the emails. Getting removed from a blacklist is not an easy thing to do as it can require changes to the mail servers and contacting people outside of CDU to make changes that are outside of our control.

The spammers get sneaky in other ways. They may trick 6 people in to giving them their username and passwords and then use only two of these. Once these two email accounts have been locked down again, they will use the next two and so on. Often they will wait for a Friday night, or the night before a long weekend, to start using the username and passwords, because they know it will take longer to be picked up and then corrected, which allows them more time to send more spams than they normally would. So if you think you may have been tricked, even though no one may have contacted you, there is no harm changing your password to remove this possibility.

These types of emails are usually personalised to the receiver and are focused on marketing a particular product or service.

Every marketing based email will have a visible "unsubscribe" mechanism, and this is usually a link at the bottom of the email. If you want to unsubscribe, scroll all the way down to the bottom and look for the “unsubscribe” link. It’s often in fairly small text so you don’t notice it, but it should always be there. To speed things up, you can press "Ctrl+F" to bring up the search feature in your browser or email client and type “unsubscribe” to search for it.